Tuesday, October 17, 2017

Serious flaw in WPA2 protocol lets attackers intercept passwords and much more


See the article with the link above.

Millions of high-security crypto keys crippled by newly discovered flaw

Link to the article

Security Notice: Key Reinstallation Attack (KRACK)


On October 16, a WPA2 exploit was disclosed known as Key Reinstallation Attack (KRACK) that affects all WPA2 protected Wi-Fi networks. This exploit could lead to users' Wi-Fi traffic becoming compromised. Further background on the exploit can be found here.

Learn about the impact and Open Mesh's fix by clicking below. 



Copyright © 2017 Open Mesh, All rights reserved.

What is your biggest security blindspot?

How Do You Handle Your Biggest Security Blind Spot?

Avoid Third-Party Risk by Monitoring the Cybersecurity Health of Any Organization

Third-party breaches are one of the most common cybersecurity blind spots of any organization.
Does your vendor risk management program provide you with the information necessary to manage this common threat and reduce the likelihood of your becoming a target via a third party?

SecurityScorecard does.

Learn more about how SecurityScorecard will help you gain instant visibility into third-party risk and take control of your vendor ecosystem, before it's too late.

An industry leader for thirty years, Bit by Bit delivers powerful and cost-effective technology solutions designed to meet our clients' specific IT needs. Our customized solutions are adept at solving critical business problems while empowering organizations to focus on productivity and profitability.

Robert Blake
Bit by Bit Computer Consultants
721 N Fielder Rd. #B
Arlington, Texas 76012
Direct 817.505.1257
Mobile 972.365.7010

Monday, October 9, 2017

How Important is User Education to Cyber Security?

User education is more important than basic network security, because user education stops attacks before they ever access your network. You can have the best anti-malware software available, but it won't be able to stop every attack. As malware writers improve their attack tactics, anti-malware can't keep up.

Anti-malware programs can't protect you from certain attacks, mainly phishing. Phishing is one of the most common attack vectors used today, and it has been responsible for major data breaches. An attacker sends emails to several recipients within the organization. All it takes is for one of these recipients to access a malicious site and input their user credentials, and the attacker has access to your network. No anti-malware measure protects against this type of attack; only user education does.

What Happens When Users Don't Recognize Attacks?

Several recent successful attacks have been from users falling prey to phishing attacks. Even Google had a recent outbreak of a widespread phishing attack that spread across several education systems (nbcnews.com/tech/security/massive-phishing-attack-targets-millions-gmail-users-n754501).

The attacker created a page that looked similar to the Google login screen and tricked users into giving them access to their accounts. Although the attacker never took advantage of account access, he could have authorized password resets and sold the account information on the black market.

You could ask yourself how something like this could be prevented. There is no technology that prevents this type of attack other than educating your users. The result of a successful attack can be devastating to your customers and employees, which is why user education is more important than having anti-malware software on your network.

What Can You Do to Educate Your Users?

It's not easy to educate users, because what seems like an obvious scam to you might not be so obvious to your users. They need to understand the red flags, and then apply some common sense from what they learn. The best way to educate users is to show them example phishing emails and describe the red flags.

If you have a Gmail account you probably have several phishing emails in your spam folder. You can use these to show your users what a phishing email looks like. There are several standard types like the Google lottery scam or the Nigerian prince scam, but you should show your users the emails that attempt to phish for private details such as usernames and passwords.

For instance, one common phishing scam is using a clone of PayPal. The attacker creates an email that uses the PayPal logo and tells the user that PayPal requires them to reset their password. If the user falls for the scam, the attacker has their PayPal username and password, and he can log in and steal their money. This attack is very similar to what happens when the attacker focuses on a corporate network, so it's a good example to show your users.

After you have some phishing emails collected, you can show users the common red flags, which include:
   Shortlinks included in the email message
   Hovering the mouse over a link shows a domain different than the official PayPal domain
   Poor English spelling and grammar
   The sender's address is from a free email account such as Gmail, Hotmail, or Yahoo
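
Three of these red flags can also be checked mechanically when a reported email is triaged. The following is an added example, not part of the original post: the function names, the free-mail and shortener lists, and the sample message are assumptions constructed for illustration, and the spelling-and-grammar flag is left to the human reader.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "hotmail.com", "yahoo.com"}      # assumed, non-exhaustive
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}   # assumed, non-exhaustive

class LinkCollector(HTMLParser):
    # Collects the real target (href) of each link, i.e. what hovering shows.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_under(host, domain):
    # Exact match or true subdomain; a substring test would accept look-alikes.
    return host == domain or host.endswith("." + domain)

def red_flags(raw_email, official_domain):
    """Return (flag, detail) pairs for a raw email message."""
    msg = message_from_string(raw_email)
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in FREE_MAIL:
        flags.append(("free-mail sender", sender_domain))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlparse(href).hostname or ""
        if host in SHORTENERS:
            flags.append(("shortlink", host))
        elif not is_under(host, official_domain):
            flags.append(("link not on official domain", host))
    return flags

# Constructed sample message for training purposes (not a real email).
SAMPLE = """\
From: "PayPal Support" <paypal.support@gmail.com>
Subject: Reset your password
Content-Type: text/html; charset="utf-8"

<a href="http://paypal.com.account-verify.example/reset">https://www.paypal.com/reset</a>
<a href="http://bit.ly/constructed">Help</a>
<a href="https://www.paypal.com/help">Contact</a>
"""
```

Calling `red_flags(SAMPLE, "paypal.com")` reports the free-mail sender, the look-alike host whose name merely starts with `paypal.com`, and the shortlink, while the genuine `www.paypal.com` link passes.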

In addition to training users to recognize red flags, you should also train them to report suspicious emails. The email administrator can block future attacks from the sender based on the sender address or the email content. It also lets IT know that someone is attacking the corporation, and managers can be alerted in case of a spear phishing attack, which is an attack that targets high-level executives.

Even if it seems like a waste of time, educating users can have a huge positive effect on your network's security. You can stop attacks before they become major data breaches. These breaches affect your corporate brand and customer trust. By educating users, you have a stronger security system in place.


Wednesday, October 4, 2017

Bit by Bit - What is your biggest security blindspot?

Suffering a data breach has a $7M+ price tag. Does your organization have visibility into the security posture of its business ecosystem? 

Your Biggest Security Blind Spot: Why Third Party Breaches Are On The Rise

Hi Tracey,
It only takes one third party breach for a hacker to reach your network -- and most companies have tens of thousands of vendor relationships. 
The PWC 2015 US State of Cybercrime Survey found 23% of organizations do not evaluate third parties at all, 19% of CIOs are not concerned about supply-chain risks, and only 16% of respondents evaluate third parties' security more than once a year.
Download SecurityScorecard's latest white paper, Why Third Party Security Breaches Are On The Rise, to learn:
· Why 70% of attacks occur as a result of third party security breaches
· The weakest link 'attack methodology'
· Why outsourced business resources means outsourced risk
Cybersecurity and the increasing risk present in third parties are the subject of 4 out of the 6 financial services cyber trends in Booz Allen Hamilton's 2016 annual report.
Download the white paper now, and find out why third parties are the number one risk.
For more information on how your organization can gain operational command of 3rd party risk, and visibility into the security posture of your entire business ecosystem -- contact Bit by Bit today:
 (212) 691-8081


Read my Blog at www.3boffice.com